Hello everyone! Currently I am working on PWA project. We build pwa with nuxt and drupal as backend. So I have a lot of secrets from backend and don`t know where store it.
Can you share your best practices?
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (1)
Hi, what exactly are you looking to hide?
A client side app usually communicate with a backend through a clear API with public endpoints. All tokens on your client side app should be public.
If you want to hide something, use your backend as a middleware (put the sensitive/private tokens there).
You can also use a private token during the build step (that one will only be available on the server, hence private).